Set up Microsoft Entra ID SSO

This article helps you set up an Azure Enterprise application for use with DecisionRules. Microsoft Entra ID was previously known as Azure Active Directory.

Create Enterprise Application

In the Azure portal navigate to Enterprise applications -> New application -> Create your own application. Once there choose a name for the app and select "Integrate any other application you don't find in the gallery (Non-gallery)" option.

Set up SSO

Once the application has been created select Manage/Single sign-on. From the methods, select SAML.

You will be presented with SAML-based Sign-on settings. We will mostly focus on the first part of these settings, the Basic SAML Configuration. When first setting the application up you will be required to provide the Identifier (Entity ID) and the Reply URL.

Hit the three dots in the upper right corner of the Basic SAML Configuration card and then Edit.

  • For the Identifier (Entity ID) you can put in any easily identifiable name.

  • For the Reply URL, enter the address of your server (API) container followed by "/saml/callback".

    • example: "https://api.sandbox.decisionrules.io/saml/callback"

Environment Variables

These are the environment variables you will have to provide to your server container and where to find them.

  • SAML_ISSUER - Basic SAML Configuration / Identifier (Entity ID)

  • SAML_CALLBACK_URL - Basic SAML Configuration / Reply URL

  • SAML_CERT - SAML Certificates / Certificate (Base64)

  • SAML_ENTRY_POINT - Set up YOUR_APP_NAME / Login URL

The SAML_CERT has to be provided as a single-line argument without the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines.

More about SSO Environment variables here.
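
One way to produce that single-line SAML_CERT value from the downloaded Certificate (Base64) file, as an added example that is not DecisionRules' own tooling. The function names and the sample file are assumptions, and the sample body is constructed placeholder data, not a real certificate.

```shell
#!/bin/sh
# Added example: turn the "Certificate (Base64)" download into a SAML_CERT value.

# pem_to_single_line FILE
# Drops the BEGIN/END marker lines, then removes spaces, tabs, CRs (Windows
# line endings) and newlines, leaving only the Base64 body on one line.
pem_to_single_line() {
    sed -e '/^-----BEGIN CERTIFICATE-----/d' \
        -e '/^-----END CERTIFICATE-----/d' "$1" | tr -d ' \t\r\n'
}

# is_single_line_base64 VALUE
# Returns 0 only when VALUE is non-empty, uses only Base64 characters, has
# padding solely at the end, and has a length that is a multiple of 4.
# A leftover marker line or a truncated paste fails this check.
is_single_line_base64() {
    [ -n "$1" ] || return 1
    case "$1" in
        *[!A-Za-z0-9+/=]*) return 1 ;;   # dashes, spaces, newlines, etc.
        *=[!=]*)           return 1 ;;   # '=' anywhere but the tail
    esac
    [ $(( ${#1} % 4 )) -eq 0 ]
}

# Constructed sample file with CRLF line endings (placeholder bytes only).
sample=$(mktemp)
printf '%s\r\n' \
    '-----BEGIN CERTIFICATE-----' \
    'Q09OU1RSVUNU' \
    'RUQtU0FNUExF' \
    '-----END CERTIFICATE-----' > "$sample"

SAML_CERT=$(pem_to_single_line "$sample")
rm -f "$sample"

if is_single_line_base64 "$SAML_CERT"; then
    printf 'SAML_CERT=%s\n' "$SAML_CERT"
else
    printf 'SAML_CERT is not a clean single-line Base64 value\n' >&2
fi
```

Run the check on the value before passing it to the server container, so a leftover marker line or line break shows up here instead of as a failed sign-on.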

Adding Users

In the Enterprise Application go to Manage / Users and groups.

  • Add user/group

  • Select Users or Groups which should have access to the DecisionRules' SSO.

  • Click on Assign.

You can find more basic information with examples here: Setup Single Sign-On (SSO)
